About the security content of iOS 4.1 for iPhone and iPod touch

This document describes the security content of iOS 4.1 for iPhone and iPod touch.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

iOS 4.1 for iPhone and iPod touch

Available for: iOS 3.0 through 4.0.2 for iPhone 3GS and later, iOS 3.0 through 4.0.2 for iPod touch (3rd generation)

Impact: An application's use of location services may not be announced through VoiceOver

Description: A user interface accessibility issue exists in the settings panel for Location Services. VoiceOver does not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours. This issue is addressed by ensuring that VoiceOver announces the presence of the icon. Credit to Robin Kipp of Forever Living Products Europe for reporting this issue.

FaceTime

CVE-ID: CVE-2010-1810

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: An attacker in a privileged network position may be able to redirect FaceTime calls

Description: An issue in the handling of invalid certificates may allow an attacker in a privileged network position to redirect FaceTime calls. This issue is addressed through improved handling of certificates. Credit to Aaron Sigel of vtty.com for reporting this issue.

ImageIO

CVE-ID: CVE-2010-1811

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of TIFF images. Credit: Apple.

ImageIO

CVE-ID: CVE-2010-1817

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Processing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow exists in the handling of GIF images. Processing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tom Ferris of Adobe PSIRT for reporting this issue.

WebKit

CVE-ID: CVE-2010-1786

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit's handling of "foreignObject" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

WebKit

CVE-ID: CVE-2010-1770

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A type checking issue exists in WebKit's handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved type checking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

WebKit

CVE-ID: CVE-2010-1785

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An uninitialized memory access issue exists in WebKit's handling of the ":first-letter" and ":first-line" pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering ":first-letter" or ":first-line" pseudo-elements in SVG text elements. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

WebKit

CVE-ID: CVE-2010-1780

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus. Credit to Tony Chang of Google, Inc. for reporting this issue.

WebKit

CVE-ID: CVE-2010-1793

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents. Credit to Aki Helin of OUSPG for reporting this issue.

WebKit

CVE-ID: CVE-2010-1421

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may change the contents of the clipboard

Description: A design issue exists in the implementation of the JavaScript execCommand function. A maliciously crafted web page can modify the contents of the clipboard without user interaction. This issue is addressed by only allowing clipboard commands to be executed if initiated by the user. Credit: Apple.

WebKit

CVE-ID: CVE-2010-1422

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Interacting with a maliciously crafted website may result in unexpected actions on other sites

Description: An implementation issue exists in WebKit's handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase. This issue is addressed by preventing the delivery of key press events if the keyboard focus changes during processing. Credit to Michal Zalewski of Google, Inc. for reporting this issue.
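Added example (not Apple's or WebKit's code): a toy JavaScript model of the key event delivery described above, with the pre-fix behaviour beside the stated fix. The Page class, the frame names, and the split of one key press into a keydown step followed by a keypress step are assumptions made for illustration.

```javascript
// Toy model of key event dispatch across frames (constructed; not WebKit code).
class Page {
  constructor(frameNames) {
    this.frames = new Map(
      frameNames.map((n) => [n, { name: n, received: [], onKeyDown: null }])
    );
    this.focused = frameNames[0];
  }
  focus(name) { this.focused = name; }
}

// Pre-fix behaviour as the advisory describes it: the follow-up event goes to
// whichever frame holds focus *after* the first handler has run.
function dispatchLegacy(page, key) {
  const origin = page.frames.get(page.focused);
  origin.received.push(`keydown:${key}`);
  if (origin.onKeyDown) origin.onKeyDown(page, key); // handler may move focus
  const target = page.frames.get(page.focused);      // focus re-read too late
  target.received.push(`keypress:${key}`);
  return target.name;
}

// Stated fix: remember which frame had focus when the key press occurred and
// drop the follow-up event if focus changed during processing.
function dispatchFixed(page, key) {
  const originName = page.focused;
  const origin = page.frames.get(originName);
  origin.received.push(`keydown:${key}`);
  if (origin.onKeyDown) origin.onKeyDown(page, key);
  if (page.focused !== originName) return null;       // event not delivered
  origin.received.push(`keypress:${key}`);
  return originName;
}

// Constructed scenario: the outer frame's handler moves focus to an embedded
// frame while the key press is still being processed.
function demo(dispatch) {
  const page = new Page(["outer", "embedded"]);
  page.frames.get("outer").onKeyDown = (p) => p.focus("embedded");
  const deliveredTo = dispatch(page, "Enter");
  return { deliveredTo, embedded: page.frames.get("embedded").received };
}

console.log("legacy:", demo(dispatchLegacy));
console.log("fixed: ", demo(dispatchFixed));
```

In the legacy path the embedded frame receives a key press the user typed while the outer frame had focus; in the fixed path it receives nothing.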

WebKit

CVE-ID: CVE-2010-1771

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit's handling of fonts. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of fonts. Credit: Apple.

WebKit

CVE-ID: CVE-2010-1783

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

WebKit

CVE-ID: CVE-2010-1764

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a website that redirects form submissions may lead to an information disclosure

Description: A design issue exists in WebKit's handling of HTTP redirects. When a form submission is redirected to a website that also does a redirection, the information contained in the submitted form may be sent to the third site. This issue is addressed through improved handling of HTTP redirects. Credit to Marc Worrell of WhatWebWhat for reporting this issue.

WebKit

CVE-ID: CVE-2010-1782

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.

WebKit

CVE-ID: CVE-2010-1781

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A double free issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to James Robinson of Google, Inc. for reporting this issue.

WebKit

CVE-ID: CVE-2010-1784

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

WebKit

CVE-ID: CVE-2010-1787

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

WebKit

CVE-ID: CVE-2010-1791

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices. Credit to Natalie Silvanovich for reporting this issue.

WebKit

CVE-ID: CVE-2010-1788

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "use" elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.

WebKit

CVE-ID: CVE-2010-1812

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit's handling of selections. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of selections. Credit to chipplyman for reporting this issue.

WebKit

CVE-ID: CVE-2010-1813

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's rendering of HTML object outlines. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

WebKit

CVE-ID: CVE-2010-1814

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of form menus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is fixed through improved handling of form menus. Credit to Csaba Osztrogonac of University of Szeged for reporting this issue.

WebKit

CVE-ID: CVE-2010-1815

Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit's handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to thabermann for reporting this issue.

FaceTime is not available in all countries or regions.
